35 Times Privacy Was A Lie In 2017

Every year, we give up a little more of our privacy to big tech corporations.

This happens in a lot of little ways: feeling more comfortable letting a smart device into our home, giving more access to information about ourselves to social media platforms (or discovering to our shock how much info they had been collecting this whole time), letting our phones track us. Each of these little things doesn't feel like a lot when it happens — we might be surprised, but eventually we get used to it. Tech pushes the limits of what we feel okay with just a few inches at a time, and we don't notice until we look back that "the line" has moved miles.

This year was no exception. Let's look back and see all the ways big companies chipped away at our privacy bit by bit in 2017.

Amazon Key allows Amazon delivery people to open your door and leave your packages inside. You have to install a smart lock which can be digitally opened by your friends or Amazon, and then select it as a delivery option. A livestream camera shows you the delivery, which also is an incentive for drivers not to, well, poop on your porch, I guess. The immediate reaction from people on Twitter to the announcement was NOPE NOPE.

For the record, I think this is actually a pretty good idea and plenty of people will be excited about the convenience.

Cloud Cam is the monitor that allows you to watch your delivery take place, creating a sense of security that a delivery person isn't going to rob you. But researchers discovered that it could be disabled through Wi-Fi, meaning a delivery person could disable the camera, get inside, and ravage your toilet.

4.We discovered that Twitter has been guessing our gender and age all along.

In May, Twitter decided to allow users to see some of the information it gathers about them for targeted advertising. People immediately noticed that "gender" was one of the items — but Twitter has never asked its users to fill that out. It's just been guessing. Many people noticed it was guessing quite well, but it's still awkward and potentially distressing for people who don't identify as the gender Twitter guessed for them.

While you can make your transactions private, there's no way to make your actual profile — which typically uses your real name — unsearchable. That means there is nothing to stop someone from sending Sean Spicer thousands of dollars (unless they said it was for Cuban sandwiches, which would actually trigger Venmo's compliance team).

6.Someone found a spycam in their Airbnb, which, lol.

In "oh, that's a thing now" news, a colleague of mine thought it odd that there was a single "motion detector" in his AirBNB in the bedroom and voila, it's an IP camera connected to the web. (He left at 3am, reported, host is suspended, colleague got refund.)

It's actually kind of cool to look through — it can tell you exactly where you went at exactly what times on any specific day. It also shows you which photos you took at the place you went to. Which is very cool! But...also...you know, FRIGHTENING.

Data from 57 million users was compromised back in 2016, but Uber didn't disclose it until November 2017. The hackers were paid a "bug bounty" of $100,000 by Uber. Bug bounties are common — a way of rewarding people who report software vulnerabilities. But this was unusually large, and it skirted Uber's legal obligation to inform its customers there was a hack.

Uber's new CEO, Dara Khosrowshahi, only just found out about the hack, which happened under disgraced former CEO Travis Kalanick, and called an investigation. The New York attorney general, Eric Schneiderman, is also investigating.

10.Imgur was hacked back in 2014 and only found out just now.

On November 23, we were notified about a data breach on Imgur that occurred in 2014. While we are still actively investigating the intrusion, we wanted to inform you as quickly as possible as to what we know and what we are doing in response. More: http://blog.imgur.com/?p=12005

Welcome to the future, may I scan your face? Face ID launched for the iPhone X — you can unlock your phone just by looking at it. People might have had some qualms about it, but plenty went ahead and bought the phone and are happily using it. Apple says it's more secure than the finger Touch ID. And until true Face/Off technology is perfected we're ok. Oh wait...

So we don't even need to wait for Face/Off surgery! A Vietnamese cybersecurity firm did a test using a silicon mask. While the mask worked successfully in a demo for reporters at Reuters, the researcher said he couldn't do it on a new blank phone, because it would take too long to set up. So take it with a tiny bit of skepticism.

Vice's Motherboard reports that based on just a few "likes," marketers can analyze your psychology, and serve you ads based on that. For example, they can tell if you're an introvert or extrovert, which can be used to more effectively get you to click on ads. Let's say a travel agency advertises packages to Las Vegas to extroverts, and secluded bed and breakfasts to introverts.

Over 5.5 million sites use the security and web performance company Cloudflare, including some incredibly huge and popular sites like Yelp. A bug in HTTPS caused some data to be pushed to the wrong place — dating site messages and hotel bookings ended up on search results, or Fitbit info was pushed to a site in the Philippines. Basically: Change your password, everyone!

16.TV ads hijacked Google Home smart speakers to sell you burgers.

Burger King made a TV ad where a pitchman says "Ok, Google, what is the Whopper burger?" If you owned a Google Home smart speaker, your device would be prompted by the voice on TV to start reading the Wikipedia entry for the Whopper.

Aadhaar is the identification system for India, similar to Social Security numbers, but with a biometric ID. It started as a voluntary system, but in early 2017 a new law made it essentially mandatory. BuzzFeed tech reporter Pranav Dixit explains:

"Last month, the government passed a finance bill making it mandatory for every Indian who files tax returns to input their Aadhaar number. Asked if the government was forcing citizens to get Aadhaar despite the Supreme Court mandate, finance minister Arun Jaitley replied simply, 'Yes, we are.'

In the future, Indians may be required to use Aadhaar to log on to public Wi-Fi hotspots, buy train tickets, access bank accounts, withdraw pension money, use matrimonial websites, and buy tickets for cricket matches — among other things.

Critics paint a grim picture of India with mandatory Aadhaar: an Orwellian state with every action of every citizen under constant scrutiny at all times.

BuzzFeed News obtained chats between customers in India and customer service agents from Amazon telling them that if they didn't upload their biometric ID, it might delay being able to track their packages. It's one thing to give the government your biometric ID; it's another to give it to Amazon.

Under law, banks have to report suspicious transactions over $10,000, and hand over lists of these transactions to a government agency every day. But FinCEN, the agency that has the legal access to these lists of transactions says, another agency — the Treasury's intelligence department — has been accessing the information. Sources told BuzzFeed News that this is effectively a backdoor for the CIA and other intelligence agencies to snoop on Americans' finances.

As part of a revenge-porn prevention measure Facebook piloted in Australia, you can upload your nudes through Messenger; then Facebook will digitally scan them using machine learning and block anyone else from uploading that exact same photo. Facebook says it's not storing the photos anywhere, only a digital "hash" of it (basically a 1s and 0s version). Buuuut...at least one employee has to see the photos and verify it's actually a nude and not, like, a photo of Trump.

You know how the "People You May Know" section is eerily creepy? Like, it might find your old landlord, or a family friend you've never emailed or don't have mutual friends with? A Gizmodo investigation showed how Facebook creates a network of contacts far beyond what you'd expect when you allow them access to your contacts list on your phone. You might never realize how much Facebook knows about you from access to your contacts until that one moment a really uncanny person shows up in your suggested friends.

DHS published a rule that will affect immigrants — including permanent residents and naturalized citizens — that they will look at "social media handles, aliases, associated identifiable information, and search results" as part of someone's immigration file. The idea for this started under Obama after the San Bernardino shooting, in hopes that looking at social media could potentially stop violence or terrorist attacks. But advocates say this infringes on privacy and potentially free speech.

ProPublica reported that at a conference for government technology contractors like Microsoft, Deloitte, Accenture, and Motorola, a representative from Immigration and Customs Enforcement said in a presentation that they were looking for tools that could monitor immigrants' social media and monitor for potential threats.

The camera is always on and can sense using AI when it's time to take a great pic — like when you're looking at it or subjects are in view. It's apparently great for kids and pets, who are hard to get to sit still when you pull out a camera. All the pics are stored on the machine locally. But still...

"Let’s say my father has activated Drop In for me on his Echo Show. All I have to do is say, 'Alexa, drop in on Dad.' It then turns on the microphone and camera on my father’s device and starts broadcasting that to me. For the several seconds of the call, my father’s video screen would appear fogged over. But then there he’ll be. And to be clear: This happens even if he doesn’t answer. Unless he declines the call, audibly or by tapping on the screen, it goes through. It just starts. Hello, you look nice today."

To send push alerts and messages, Android had been collecting cell tower info on phones who had locations services turned off. That's enough to let someone know roughly where you are — what city, for example. After Google was contacted by Quartz about this, it said it would stop doing it.

29.Hinge created a matchmaking app, and it means that anyone can download it and see which of their Facebook friends are using Hinge.

Hinge

The idea is to helpfully suggest matches for your friends looking for love. But what it can do is allow someone who isn't on regular Hinge to be able to view all of their Facebook friends who are on the dating app.

While it's always been possible to accidentally find someone you know on a dating app, this is an instant way to find out which of your acquaintances is single and dating. It could embarrass someone who doesn't want coworkers or family to know they're dating, or even out someone interested in same-sex dating.

Driver's license photos will be pooled across states and territories to make one big database of photos that will be scanned with facial recognition software. It will be used by law enforcement for cases of identity theft, and prevent people from getting two licenses.

Prime Minister Malcolm Trumbull said the government could also use it to identify people on CCTV footage. G'day, surveillance state!

Wish is the No. 1 advertiser on Facebook, and is valued at $8.5 billion. And yet for some reason it gives all shoppers public "profiles" and doesn't have an option to make their wishlists or saved items lists private. So think twice before adding some of their very weird sex toys to your wish lists.

32.Twitter admitted it accidentally posted your city location if you were uploading a GIF.

After consumers and lawmakers expressed concern about about how the device will record children and how it will protect and store the information, Mattel decided it didn't "fully align with Mattel's new technology strategy." The Aristotle was supposed to be a smart baby monitor that would play soothing music if an infant was crying, and for toddlers it would read stories or teach manners.

The smart vacuum has been collecting data about your home and now connects to Alexa. Roomba sees selling this data as a new business model where it can connect your data (if you opt in) to Apple, Google, or Amazon.

35.And this.

Ok, just kidding. It's a fake camera, it doesn't really record or send it to elves.

BUT. It's one more tiny step in indoctrinating children into feeling comfortable with constantly being watched by an omniscient authoritarian power (Santa). Is it just a cute holiday toy, or is it another example of the chipping away of our expectation of privacy? Answer me that, Santa!